From: Christian Brauner
Date: Fri, 5 Feb 2021 08:56:59 +0000 (+0100)
Subject: tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)
X-Git-Tag: lxc-5.0.0~299^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8917c3825a8fbd8a0f8a30696a37a74054d45d11;p=thirdparty%2Flxc.git

tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)

Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 03b29338d..edddfc565 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1214,7 +1214,7 @@ __noreturn static void do_attach(struct attach_payload *ap)
 goto on_error;
 }
- if (!lxc_setgroups(0, NULL) && errno != EPERM)
+ if (!lxc_drop_groups() && errno != EPERM)
 goto on_error;
 if (options->namespaces & CLONE_NEWUSER)
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index ee116cb66..665e83c24 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -965,7 +965,7 @@ static int cgroup_tree_remove_wrapper(void *data)
 gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
 int ret;
- if (!lxc_setgroups(0, NULL) && errno != EPERM)
+ if (!lxc_drop_groups() && errno != EPERM)
 return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 ret = setresgid(nsgid, nsgid, nsgid);
@@ -1574,7 +1574,7 @@ static int chown_cgroup_wrapper(void *data)
 uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid;
 gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
- if (!lxc_setgroups(0, NULL) && errno != EPERM)
+ if (!lxc_drop_groups() && errno != EPERM)
 return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 ret = setresgid(nsgid, nsgid, nsgid);
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index c22a33bb4..26022c806 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
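Review bot: The `errno != EPERM` test in the do_attach() hunk of src/lxc/attach.c now depends on lxc_drop_groups() returning with the errno of the failed setgroups() call still set, and the helper's definition is not part of this diff. If the helper logs before returning, it should save and restore errno; otherwise a genuine failure could be mistaken for EPERM and the attached process would keep the caller's supplementary groups. The same pattern appears in cgroup_tree_remove_wrapper() and chown_cgroup_wrapper() in cgfsng.c, do_child() in lxc_usernsexec.c, userns_exec_minimal() in conf.c and the first do_start() hunk in start.c. I would add a call-site comment such as `/* EPERM tolerated: setgroups() can be denied for unprivileged callers; relies on lxc_drop_groups() preserving errno */`. do_attach() starts and ends outside the hunk.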
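Review bot: The error string in cgroup_tree_remove_wrapper() in src/lxc/cgroups/cgfsng.c still reads `"Failed to setgroups(0, NULL)"` although the call is now lxc_drop_groups(), so anyone searching the logs for the helper's name will not find this failure. I would change the line to `return log_error_errno(-1, errno, "Failed to drop supplementary groups");` and make the same change in the chown_cgroup_wrapper() hunk at -1574. Both functions continue outside their hunks.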
@@ -88,7 +88,7 @@ static int do_child(void *vargv)
 int ret;
 char **argv = (char **)vargv;
- if (!lxc_setgroups(0, NULL) && errno != EPERM)
+ if (!lxc_drop_groups() && errno != EPERM)
 return -1;
 /* Assume we want to become root */
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 22a3b32dc..4d258ada7 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4282,7 +4282,7 @@ int userns_exec_minimal(const struct lxc_conf *conf,
 close_prot_errno_disarm(sock_fds[0]);
- if (!lxc_setgroups(0, NULL) && errno != EPERM)
+ if (!lxc_drop_groups() && errno != EPERM)
 _exit(EXIT_FAILURE);
 ret = setresgid(resgid, resgid, resgid);
@@ -4700,7 +4700,7 @@ int userns_exec_mapped_root(const char *path, int path_fd,
 if (!lxc_switch_uid_gid(0, 0))
 _exit(EXIT_FAILURE);
- if (!lxc_setgroups(0, NULL))
+ if (!lxc_drop_groups())
 _exit(EXIT_FAILURE);
 ret = fchown(target_fd, 0, st.st_gid);
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index c8d93a30a..0b1729b90 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -3660,7 +3660,7 @@ static int clone_update_rootfs(struct clone_update_data *data)
 /* update hostname in rootfs */
 /* we're going to mount, so run in a clean namespace to simplify cleanup */
- (void)lxc_setgroups(0, NULL);
+ (void)lxc_drop_groups();
 if (setgid(0) < 0) {
 ERROR("Failed to setgid to 0");
diff --git a/src/lxc/start.c b/src/lxc/start.c
index abc70d28f..0a9edc303 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1111,7 +1111,7 @@ static int do_start(void *data)
 /* Drop groups only after we switched to a valid gid in the new
 * user namespace.
 */
- if (!lxc_setgroups(0, NULL) &&
+ if (!lxc_drop_groups() &&
 (handler->am_root || errno != EPERM))
 goto out_warn_father;
@@ -1410,7 +1410,7 @@ static int do_start(void *data)
 #if HAVE_LIBCAP
 if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))
 #endif
- if (!lxc_setgroups(0, NULL))
+ if (!lxc_drop_groups())
 goto out_warn_father;
 if (!lxc_switch_uid_gid(new_uid, new_gid))
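Review bot: In clone_update_rootfs() in src/lxc/lxccontainer.c the result of `(void)lxc_drop_groups();` is discarded, so if dropping supplementary groups fails for any reason the code carries on to setgid(0) with the caller's group list still attached. The other call sites in this commit treat only EPERM as tolerable, and the same check would fit here: `if (!lxc_drop_groups() && errno != EPERM) return -1;`, with the return value adjusted to whatever this function uses for failure, which the hunk does not show. The same discarded result is in btrfs_snapshot_wrapper() in storage/btrfs.c and storage_destroy_wrapper() in storage/storage_utils.c. If ignoring the failure is deliberate, a one-line comment saying why would help.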
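Review bot: In the second do_start() hunk of src/lxc/start.c (at -1410) the unbraced `if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))` inside `#if HAVE_LIBCAP` governs the following `if (!lxc_drop_groups())`, so the two build configurations differ in whether the group drop is conditional and the nesting is easy to misread. When CAP_SETGID is not effective the drop is skipped without a log line and lxc_switch_uid_gid() runs with the existing supplementary groups, which looks intentional but is not stated. I would add a comment above the block, e.g. `/* Without CAP_SETGID we cannot drop groups; continue with the inherited list. */`, and brace the inner statement. do_start() continues outside the hunk.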
diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index 0a28dc9c9..a0ef68c66 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -374,7 +374,7 @@ int btrfs_snapshot_wrapper(void *data)
 const char *src;
 struct rsync_data_char *arg = data;
- (void)lxc_setgroups(0, NULL);
+ (void)lxc_drop_groups();
 if (setgid(0) < 0) {
 ERROR("Failed to setgid to 0");
diff --git a/src/lxc/storage/rsync.c b/src/lxc/storage/rsync.c
index 2e4df2537..b369f9c63 100644
--- a/src/lxc/storage/rsync.c
+++ b/src/lxc/storage/rsync.c
@@ -35,7 +35,7 @@ int lxc_rsync_exec_wrapper(void *data)
 if (!lxc_switch_uid_gid(0, 0))
 return -1;
- if (!lxc_setgroups(0, NULL))
+ if (!lxc_drop_groups())
 return -1;
 return lxc_rsync_exec(args->src, args->dest);
@@ -96,7 +96,7 @@ int lxc_rsync(struct rsync_data *data)
 if (!lxc_switch_uid_gid(0, 0))
 return -1;
- if (!lxc_setgroups(0, NULL))
+ if (!lxc_drop_groups())
 return -1;
 src = lxc_storage_get_path(orig->dest, orig->type);
diff --git a/src/lxc/storage/storage_utils.c b/src/lxc/storage/storage_utils.c
index f96bd520b..a976256e5 100644
--- a/src/lxc/storage/storage_utils.c
+++ b/src/lxc/storage/storage_utils.c
@@ -461,7 +461,7 @@ int storage_destroy_wrapper(void *data)
 {
 struct lxc_conf *conf = data;
- (void)lxc_setgroups(0, NULL);
+ (void)lxc_drop_groups();
 if (setgid(0) < 0) {
 SYSERROR("Failed to setgid to 0");